WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Funnel Builder by CartFlows < 1.3.1 - Authenticated Arbitrary Plugin Activation

Description

Issue allowing any authenticated user to active a plugin on the blog.

Affects Plugins

cartflows
Fixed in version 1.5.16

References

CVE
CVE-2019-25151
URL
https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

No

WPVDB ID
b6725319-909f-4d5c-9b34-8b6ea627b223

Timeline

Publicly Published

2019-11-07 (about 3 years ago)

Added

2019-11-07 (about 3 years ago)

Last Updated

2023-06-08 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin